I'm working on "Enterprise" use of Evolution, and one of the big requirements is encryption of data at rest. The answer "just encrypt the whole of the user's home directory" only puts them off for so long.
So I'm looking at implementing this directly in camel-data-cache, e-cal-backend-cache, etc. I'll probably do the encryption with a randomly-generated key, which itself is stored locally, encrypted with a password. That way, changing the password doesn't involve re-encrypting the whole of the store; you only need to re-encrypt the master key. It also means that we can tie the password for the cache to the password for the server; entering one will allow access to both. Hopefully, the changes required to code that *uses* the cache functionality should be fairly limited. Mostly it should be handled by extra arguments to camel_data_cache_new(), e_cal_backend_cache_new(), camel_db_open() and similar functions. I'm hoping that it's reasonable to declare that *filenames* are not sensitive, and that we only need to encrypt the *contents* of files. Does that seem fair? Any other comments on the approach? -- David Woodhouse Open Source Technology Centre [email protected] Intel Corporation _______________________________________________ evolution-hackers mailing list [email protected] To change your list options or unsubscribe, visit ... http://mail.gnome.org/mailman/listinfo/evolution-hackers
